Skip to content

How to Monitor a Domain Name and Never Miss Its Expiration

Why domains expire silently, how RDAP monitoring works, and how to set up alerts for your own domains or ones you want to acquire.

domainsmonitoring

Every year, established businesses lose their domain, and with it their website and their email, for a banal reason: the renewal notice landed in an inbox nobody reads anymore. Meanwhile, domain investors make a living catching good names the moment they drop. Both problems have the same answer: watch the domain instead of trusting your memory.

Why domains expire silently

A domain isn’t bought, it’s rented. When the expiration date passes, most registrars apply this timeline:

  1. Expiration. The site and email often keep working for a few days, which nicely hides the problem.
  2. Grace period (typically 0 to 45 days). The owner can still renew at the normal price.
  3. Redemption period (typically 30 days). Renewal is still possible, with a hefty penalty fee.
  4. Pending delete (about 5 days). The domain is frozen, then released to the public.

The renewal emails that are supposed to protect you go to the registrant contact on file. In practice that’s often an ex-employee, an old agency, or an address hosted on the very domain that just stopped working.

WHOIS is being replaced by RDAP

For decades, checking a domain’s status meant WHOIS: a plain-text protocol with no standard format, aggressive rate limits and data that varies wildly between registries. Its successor, RDAP (Registration Data Access Protocol), serves the same registration data as structured JSON over HTTPS, with consistent status codes across registries.

For monitoring, that difference is decisive. Status values like clientTransferProhibited, pendingDelete or redemptionPeriod can be parsed reliably, so a machine can watch a domain and tell you what changed exactly, instead of a human squinting at two text dumps.

What to monitor, concretely

For domains you own: the expiration date, with alerts far enough ahead (60 and 30 days) that a renewal can survive internal processes. Also status changes, because a clientHold or a transfer status you didn’t initiate is an early hijacking signal.

For domains you want to acquire: the same status chain, read in the other direction. redemptionPeriod followed by pendingDelete means the current owner is probably letting it go, and tells you roughly when it will drop.

For your brand: newly registered lookalikes. Your name with a typo, a hyphen, another TLD. Most phishing campaigns against your customers start with one of these registrations.

Manual checks don’t scale

Checking one domain by hand takes a minute. Checking twenty domains every day, parsing status codes and remembering which threshold triggers which alert is a machine’s job. The pattern is always the same: a watchlist, a daily RDAP check, and an email when something changes or a deadline approaches.

We built Domain Sentinel to be that machine. Add domains to a watchlist and it checks them daily, emails you on status changes, and reminds you 60, 30, 7 and 1 day before expiry. Basic lookups need no sign-up, and there’s a free REST API if you’d rather wire the checks into your own tools.